Описание
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.
Отчет
This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections. The nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.
Меры по смягчению последствий
Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:
- Copy the Nginx configuration from the quay container to the host $ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx
- Edit the Nginx configuration, removing http/2 support $ sed -i 's/http2 //g' /mnt/quay/nginx/nginx.conf
- Restart Nginx with the new configuration mounted into the container, eg: $ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | nginx | Not affected | ||
| OpenShift Service Mesh Tech Preview | maistra | Not affected | ||
| Red Hat 3scale API Management Platform 2 | nginx | Will not fix | ||
| Red Hat AMQ Broker 7 | jetty | Not affected | ||
| Red Hat Ansible Tower 3 | nginx | Not affected | ||
| Red Hat Enterprise Linux 8 | nginx:1.16/nginx | Not affected | ||
| Red Hat JBoss Data Grid 7 | undertow | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | undertow | Not affected | ||
| Red Hat JBoss Fuse 6 | undertow | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Some HTTP/2 implementations are vulnerable to resource loops, potentia ...
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
EPSS
7.5 High
CVSS3